
Issue 767588

Starred by 2 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Chrome, Mac
Pri: 3
Type: Bug




URL error when using "goto" function

Reported by lion.nag...@web.de, Sep 21 2017

Issue description

VULNERABILITY DETAILS
I am unsure if it's a security-relevant bug.
When you use the "right click" "goto" function on a link starting with ":https://"
(the : before http is relevant, but you could also use a ".", maybe also other characters), it changes the link to https// (see screenshots).
The link needs to have a "/" at the end or it does not show the "switch to".
I cannot think of any real security problem out of it. Do you see anything?

Contact details (best): l.nagenrauft@it-cube.net

VERSION
Chrome Version: [61.0.3163.9] stable
Operating System: Windows 10, up to date

REPRODUCTION CASE
Please see screenshots.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

 
Screenshot - 21.09.2017 , 22_32_09.png
23.7 KB
Screenshot - 21.09.2017 , 22_25_38.png
7.1 KB

Comment 1 by palmer@chromium.org, Sep 21 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Summary: URL error when using "goto" function (was: Security: URL Error when using "goto" function)
I'm not seeing the same behavior. Here is my test page:

=====
<h1><a href=":https://www.google.com/">Hello</a></h1>
=====

I don't have a "goto" function in my right-click menu, but when I click Open Link In New Tab, I get what I expect: A new tab navigated to `http://my-server/:https://www.google.com/`. A URL with a leading `:` is a relative URL, so I think that navigation result makes sense.

Do you have a minimal reproduction case? Does my example above not resemble the page you are using?

In any case, I don't see a security concern here.
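
Added example, not part of the original thread or of Chromium's code: the relative-URL resolution described in Comment 1, checked with the WHATWG `URL` parser available in browsers and Node.js. The helper name `classifyLink` and the sample strings other than the one quoted in the comment are constructed for illustration; this does not reproduce the "Go to" fix-up of selected text.

```javascript
// Base URL of the hypothetical test page, taken from the host name used in Comment 1.
const BASE = "http://my-server/";

// Report how `raw` is interpreted as a link target on a page located at `base`.
function classifyLink(raw, base = BASE) {
  // A string is an absolute URL only if it parses on its own, i.e. it
  // carries a valid scheme. A leading ":" or "." rules that out.
  let absolute = true;
  try {
    new URL(raw);
  } catch {
    absolute = false;
  }

  // Otherwise it is resolved against the page's URL.
  let resolved;
  try {
    resolved = new URL(raw, base);
  } catch {
    return { raw, kind: "invalid", href: null, sameOrigin: false };
  }

  return {
    raw,
    kind: absolute ? "absolute" : "relative",
    href: resolved.href,
    // True when the navigation stays on the page's own origin.
    sameOrigin: resolved.origin === new URL(base).origin,
  };
}

// Constructed sample inputs.
const samples = [
  ":https://www.google.com/", // the href from Comment 1
  ".https://www.google.com/", // the "." variant mentioned in the report
  "https//www.google.com/",   // scheme with the ":" missing
  "https://www.google.com/",  // ordinary absolute URL
  "//www.google.com/",        // scheme-relative URL
];

for (const s of samples) {
  console.log(classifyLink(s));
}
```

Only the last two samples leave the page's origin; the strings that merely contain `https://` after a leading character stay on `my-server` as path components.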

Comment 2 by palmer@chromium.org, Sep 21 2017

Labels: Needs-Feedback

Comment 3 by lion.nag...@web.de, Sep 22 2017

You are using tags - I don't use tags.

See example HTML file.

chrome.html
69 bytes
Project Member

Comment 4 by sheriffbot@chromium.org, Sep 22 2017

Cc: palmer@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "palmer@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by palmer@chromium.org, Sep 22 2017

Cc: -palmer@chromium.org
Components: UI>Browser>Navigation
Labels: OS-Chrome OS-Linux OS-Mac OS-Windows Pri-3
Status: Available (was: Unconfirmed)
Ahh, I see. Thanks. To reproduce, you have to select the text, and then right-click on it, and then you get a Go To... option. I didn't know about that before. :)

Does this happen on mobile, too (long-press)?
Screenshot from 2017-09-22 12:52:50.png
9.2 KB

Comment 6 by palmer@chromium.org, Sep 25 2017

Cc: aurimas@chromium.org
aurimas, you seem to be the owner of IDS_CONTENT_CONTEXT_GOTOURL (the person who touched chrome/browser/renderer_context_menu/render_view_context_menu.cc last seems not to be on the team any longer?). Could you take a look, or bounce this to someone who can?

Comment 7 by aurimas@google.com, Sep 25 2017

I no longer work on Chrome and I only touched that file, so you'll have to find someone else to blame :)
Project Member

Comment 8 by sheriffbot@chromium.org, Sep 26

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
